Assignment Title - Validating and testing digital forensics tools and evidence
Purpose of the assessment (with ULO Mapping) - This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
b) Record, administer and document digital forensics in social media.
Assignment Description - Assignment - Leaving Clues to a Crime
In this Assignment you will create a pretended crime scenario that needs computer forensic analysis. Along with the crime scenario, create digital clues that may be left on a small portable storage device.
IMPORTANT: Any names of persons or organizations in the crime scenario should be pretended; DO NOT use the names of real people or businesses. Also, DO NOT develop a crime scenario involving child pornography or anything that can be interpreted as a threat to the public. Acceptable topics include theft, embezzlement, kidnapping a fictitious character, the murder of a fictitious character, etc.
The chosen crime scenario must be discussed according to the following questions:
Questions:
Q1) You will leave your digital "clues" on a flash/thumb drive. Provide your thumb drive (containing your digital clues) for analysis as an image by using software such as ProDiscover.
Include this screenshot in your final report!
Your digital clues must include at least one of each of the following:
- Hidden file
- Deleted file
- Graphic file
- Password-protected file
- Web access (browser history)
- Change extension of one file such as .docs to .pdf
Q2) Discuss what should you consider when determining which data acquisition method to use.
Q3) Discuss some options that can be used for preserving the data in this situation
Q4) Explain two acquisition methods that you should use in this situation.
Assignment 1b: Create and Delete Files on USB Drive
In this Assignment 1b, you need to find any evidence of the Assignment 1a, and any data that might have been generated from the suspect's hard drive, so that, it may be presented in a court of law. To create your digital clues, please do the following task:
1. On your USB drive, create a word file named your Student ID, where the blank should be filled with your name, mobile, citizen, address and some other information.
The file should contain the following sentence: "I have enrolled for MN624 Digital Forensic." The first blank in the sentence should be filled in with your Full name and the second blank with the date when you registered for this unit.
2. On the same drive, create an excel file named "StudentID.xls", where the First column should be filled with your units name that you had at MIT last semester and the second column should be filled with your marks with those units.
3. Store your current Photo on a USB drive and save it in JPG format or other images format.
4. Take a screenshot of your Windows Explorer window showing the content of the USB's folder hosting the three files.
Include this screenshot in your final report! Now delete those files, and then take another screenshot of the respective folder's content (after the two files have been deleted). Include this screenshot in your final report.
Table 1: Digital forensics Tools (You can choose any two tools for your demonstration with your tutor's consent)
Serial # Name of the security tool
1 The Sleuth Kit (Autopsy)
2 FTK Imager
3 X-Ways Forensics
4 CAINE (Computer Aided Investigative Environment)
5 SANS Investigative Forensic Toolkit (SIFT)
Table 1
Q1) Use two computer forensics tool from table 1 to Acquire an Image of USB Drive. In the report, you need to include the screenshots of each step.
Q2) Use two computer forensics tool from table 1 to Recover Deleted Images and to verify which files have changed of extension. In the report, you need to include the screenshots of each step.
Q3) validate your results by using hash algorithms.
Q4) Comparison of the digital forensics tools that you used in this work. Your comparison could include:
- Digital forensics features
- Time is taken to detect acquire threat
- Ease of usage
Q7) Demonstration of the two digital forensics tools that you used in this work on week 7.
Note - Word limit Max 2000 words.
Attachment:- Validating and testing digital forensics tools.rar